Skip to main content

Tag: cpanel

Installing mod_pagespeed on a cpanel server

sysadmin Leave a comment

PageSpeed is a very popular module for Apache and Nginx developed by Google that can optimize a lot of aspects of your web server.

 

Installation

You can follow these steps to install on a server with cpanel:

$>/usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/
$> cd /tmp/pagespeed/Easy
$> tar -zcvf Speed.pm.tar.gz pagespeed
$> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy
$> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/
$> cd && rm -rf /tmp/pagespeed

Now, you can go to EasyApache in your WHM and compile the module, you have to check Mod PageSpeed in the apache modules config page.

PageSpeed Configuration

The module configuration file is:

/usr/local/apache/conf/pagespeed.conf

To activate/deactivate the module you can set this option on/off:

ModPagespeed on

Tmpfs for the pagespeed cache

Due to the hight IOPS load that the cache may involve, a good idea is to put it in memory if you have enough memory in your server. This ensures that the cache accesses will be very fast.

To configure a 1,5GB size tmpfs cache you have to add this line to your /etc/fstab file:

tmpfs			/var/mod_pagespeed/cache tmpfs  rw,uid=99,gid=99,size=1500m,mode=0777 0 0

After that, simply run mount /var/mod_pagespeed/cache command.

The uid and gid must be the user that the web server uses to run.

Some parameters to configure cache:

 
# Cache max size
ModPagespeedFileCacheSizeKb          768000 

 
# Cache Ionode limit
ModPagespeedFileCacheInodeLimit      500000

The cache expires old entries every 10 minutes if the value in ModPagespeedFileCacheSizeKb or ModPagespeedFileCacheInodeLimit is reached:

  ModPagespeedFileCacheCleanIntervalMs 600000

If you want to disable pagespeed in some accounts you can do it through .htaccess file

<IfModule pagespeed_module>
	ModPagespeed off
</IfModule>

Side Effects after installing PageSpeed on Cpanel

I got an unwanted side effect after installing PageSpeed on cpanel shared servers. The pagespeed module does its own http requests through its internal proxy to get the resources if them can not be found in the cache. These requests are originated from the server and the user-agent is something like “Serf/1.1.0 mod_pagespeed/1.9.32.4-7251”.

These requests are logged in domains access logs in /usr/local/apache/domlogs and in the logs used to audit the bandwidth used by each domain, so inevitable leads in an increase in traffic accounted by each domain.

192.168.1.10 - - [01/Sep/2015:14:52:26 +0200] "GET /style.css HTTP/1.1" 200 1861 "http://yourdomain.com/" "Serf/1.1.0 mod_pagespeed/1.9.32.4-7251"

Solution: Don’t log these internal requests made by mod_pagespeed in the apache logs!

Setting up SetEnvIF module to detect pagespeed requests

We are going to use the SetEnvIF apache module to detect the specific traffic made by pagespeed and then set an env variable. We will use this variable later to avoid logging these requests.

Edit pre_main_global.conf in cpanel and add the following configuration:

/usr/local/apache/conf/includes/pre_main_global.conf

<IfModule mod_setenvif.c>
    SetEnvIFNoCase User-Agent "^Serf/0.* mod_pagespeed/.*$" dontlog
    #SetEnvIf Remote_Addr "IP_SERVER" dontlog
</IfModule>

Now, if the User-Agent used by pagespeed is detected the variable dontlog is set. You can set the variable too if the request is made by the server itself (2nd line).

Set virtualhosts logging depending on the donlog variable

Because Cpanel rebuilds apache configuration file (httpd.conf) in every compilation you won’t want to make the changes directly in httpd.conf file. Instead of that, you should change the templates provided by cpanel to be sure the changes will kept.

Depending on the apache version you are running the templates are located in:

/var/cpanel/templates/apache2_2/
/var/cpanel/templates/apache2_4/

To make custom changes in the templates you have to make a local copy of the template you want to change and make the changes in it:

# cp /var/cpanel/templates/apache2_4/vhost.default /var/cpanel/templates/apache2_4/vhost.local

Edit vhost.local template and add env=!dontlog to the lines begining with CustomLog word:

[% IF logstyle == 'combined' -%]
    [%- IF !enable_piped_logs || !supported.mod_log_config -%]
    CustomLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %] combined env=!dontlog
    [%- END %]
[% ELSE %]
    TransferLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]
[% END -%]
[% IF supported.mod_log_config && supported.mod_logio && !enable_piped_logs -%]
    CustomLog [% paths.dir_domlogs %]/[% wildcard_safe(vhost.log_servername) %]-bytes_log "%{%s}t %I .\n%{%s}t %O ." env=!dontlog
[% END -%]

This setting is telling apache not log anything if the dontlog variable is set.

The last step you need to do is to rebuild the apache configuration file:

/scripts/rebuildhttpdconf

Now, you can verify in your domains access logs that the pagespeed internal requests are not logged anymore.

Apache log: (22)Invalid argument: couldn’t grab the accept mutex

sysadmin Leave a comment

Some days ago I saw these messages in the apache error log in a cpanel server, the virtualhost was getting a 500 error:

[Tue Oct 22 14:37:11 2013] [emerg] (22)Invalid argument: couldn't grab the accept mutex
[Tue Oct 22 14:37:11 2013] [emerg] (22)Invalid argument: couldn't grab the accept mutex
[Tue Oct 22 14:37:11 2013] [emerg] (22)Invalid argument: couldn't grab the accept mutex

To solve this issue, edit /usr/local/apache/conf/includes/pre_virtualhost_global.conf file and add the following line:

AcceptMutex posixsem

Then restart apache

/etc/init.d/httpd graceful

According to Apache documentation, the AcceptMutex directives sets the method that Apache uses to serialize multiple children accepting requests on network sockets.

To read more see AcceptMutex Directive documentation

Files not showing up in cpanel file manager

sysadmin 1 Comment

When opening the file manager from cpanel the files were not showing up under public_html directory.
The issue in this case was caused because of a wrong group established in public_html directory. I had the directory owner like user:user and I had to change it to user:nobody. After changing the group to nobody the files were showed up again.

UPDATE:

You also should check cpanel error log (/usr/local/cpanel/logs/error_log). In other of my clients I checked the error log and I found this message:

Out of memory!

It seems a cpanel bug, because the server had free memory and after restarting the cpanel service the error was gone.

ModSecurity: Audit log: Failed to unlock global mutex: Permission denied

sysadmin 14 Comments

When using Cpanel 11.34.4 with mod_security (with ASL rules) + mod_ruid2 I got this error in Apache error log:

ModSecurity: Audit log: Failed to unlock global mutex: Permission denied

To solve:

put this lines into /usr/local/apache/conf/modsec2.user.conf

  SecAuditLogStorageDir /var/asl/data/audit
  SecAuditLogType Concurrent

Be sure you have right permissions under /var/asl/

UPDATE

You may still see this message in the error log file:

[Thu Feb 07 09:49:14 2013] [error] [client 199.115.231.231] ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/20130207/20130207-0949 (Permission denied)

This is caused because each subdirectory is created with each apache httpd process owner, because of mod_ruid2 functionality. To solve this issue I’ve added this new mod_security directives for creating the logs subdirectories with the correct permissions.

SecAuditLogDirMode 0777
SecAuditLogFileMode 0550
SecAuditLogStorageDir /var/asl/data/audit
SecAuditLogType Concurrent

The last thing you have to do to allow to apache setting this file permissions when creating new files is set correct file creation mask.

I’ve edited /etc/init.d/httpd file and I’ve added this line at the top:

umask 000

Cannot detect your system information, you have to install ionCube loader manually

sysadmin 1 Comment

When accesing to the RVSiteBuilder in CPANEL I got the this error:

“Cannot detect your system information, you have to install ionCube loader manually.
Please contact your provider.”

The IonCube loader was correctly installed in /ioncube/, the solution for this error was to run the following script on the server:

# perl /var/cpanel/rvglobalsoft/rvsitebuilder/panelmenus/cpanel/scripts/autofixphpini.pl
Find php.ini...


PHP configulation for cPanel(3rdparty) has been successfully updated.
Using php Loader: IonCubeLoader
Updating md5sum list
Fetching http://httpupdate.cpanel.net/cpanelsync/easy/targz.yaml (connected:0).......(request attempt 1/12)...Resolving httpupdate.cpanel.net...(resolve attempt 1/65)...
	Fetching http://httpupdate.cpanel.net/mirror_addr_list (connected:0).......(request attempt 1/3)......connecting to 74.50.120.123...@74.50.120.123......connected......receiving...100%......request success......Done
...found 42 host(s) from mirror_addr_list......searching for mirrors (mirror search attempt 1/3)......loaded mirror speeds from cache......mirror search success...@74.50.120.123......connected......receiving...100%......request success......Done
Installing IonCubeLoader
Determining PHP version
Installing IonCube Loader binaries
Activating IonCube Loader extension in /usr/local/cpanel/3rdparty/etc/php.ini
IonCube Loader extension activated